sirusx69

Is it worth the 600$ to take this online course and get my "Offensive Security Professional" certificate with the program backtrack? supposedly the FBI uses this program in their tool belt for their division in internet crime. wanted professional opinions on this course of wither or not its worth it.

Cellus

BackTrack is, simply put, a Linux LiveCD with a range of free and open-source tools on it. You could obtain pretty much any of the tools provided on it for free as well as find the documentation needed to use them online.

Be very careful about this "Offensive Security Professional" business. In a nutshell, "Offensive Security Professional" is another word for "hacker", so to speak. Don't get me wrong, there are plenty of security professionals who know how to hack, and do it legitimately (in the case of penetration and vulnerability testing). This is what is known as Ethical Hacking, and is definitely important in many aspects of IT security. However I should note that area in the IT security industry is fairly small, and obtaining such a credential can be questionable, especially depending from the source.

Who/where is the course being offered? Is it coming from a reputable institute? Certificates such as EC-Council's Certified Ethical Hacker are somewhat recognized, however many places which have similar offerings are not.

While I have little doubt a lot of the tools taught in the CEH certification as shown above are in Backtrack, I have my suspicions on what you are looking at. Generally the decent, trustworthy, and reputable certifications which are offered do not specifically tout a particular utility, even if it is something like Backtrack (which by itself is, yes, legitimate - I use the Backtrack LiveCD for basic security inspection myself). However I should note Backtrack is anything but completely unique - you could assemble your own Linux LiveCD and place the tools on there yourself. The advantage with Backtrack is it is already done for you and all of the configuration required in getting everything up smoothly is already done for you.

The tools themselves available in Backtrack are definitely not for the feint of heart. Documentation for some is sporatic, and the vast majority of it is executed via command line in a terminal window (the GUI element to Backtrack is simply a modified Slackware linux distribution). While some of the tools have graphical front-ends available, such as nmapFE, many do not.

To summarize, be very aware when going into the realm of ethical hacking. If you are to do it legitimately (read: legally) there are many steps to follow. Learning how to use a particular tool, even one as powerful and useful as Backtrack, does not teach you the fundamental and vital principles involved. There is a lot more to it than just using the tools. I would not recommend taking the course you are looking into.

Addendum: If you want to look into something like ethical hacking, consider it carefully and get taught the proper way. The Certified Ethical Hacker certificate from EC-Council would be something to look into. But remember, it is a dicey world you would be getting into. Many security researchers have been charged and arrested as a lot of this strays into a very gray area in the law.

sirusx69

Alright, thanks for your input! I will check out this EC Ethical Hacker Course.
Basically, I am 18 years old. I've been using a computer since the age of 6 and since then have always be interested in how things work etc...Back in the day of AOL 4.0 me and my friend got together and decided lets learn how to "hack" so we would do intensive research on protocols and how to use different ports to different things. We were actually getting pretty decent till he made a dumb mistake and sent a backdoor he had found through email, AOL busted us both but because of our age (still minors back then) they let us off with a harsh warning. Since then I've been yet to return to the world of "hacking" except small things such as Diablo 2 etc..now is the time, I am now 18 , more knowledgeable than i was at the age of 10 and I think I am ready to begin learning once more and return to this harsh world of cyber security. Backtrack Specifically caught my interest just because of the reason you said, it had everything there for me. After researching backtrack I found that course.

It is kinda odd though, that i've randomly decided to return to this neutral world between "hackers" of good and evil. My plans are to go to SPC or UF and major in computer security and eventually look into it as a full time career possibly (don't dream bash) in the FBI or CIA.

Once again, thanks for the insight, I will be sure to check out your suggestion of a course.

Cellus

Keep in mind ethical hacking is fairly niche in an already niche world (IT Security, the real IT Security sector). There are other avenues that branch fairly closely to it, such as security research (eg. finding vulnerabilities and reporting them) to "pen-testing" (penetration testing - testing the security of a system/network for security holes).

The FBI and NSA are fairly up there when it comes to such areas, and getting a job with them is no walk in the park. It's hard.

One of the key things you should keep in mind, and this really does apply to any and all IT jobs in the "industry", is you need both knowledge and experience (almost always professional experience). Do not expect to get that coveted job at the FBI off the bat. You will most likely require years of experience for them to even look at your resume/CV.

So where do you go, and how do you get there?

Start small. Take the "usual" career lines into the industry and get some general experience under your belt. That means IT Support positions. It's from there that you can start to branch off and specialize. And from there specialize more...

You will need more than a CEH to even get started (a CEH is more of a later, more advanced certification). You will require more fundamental ones, such as A+ and Network+, to MCSA/MCSE to "start" in a decent position. From there you will need experience, and from there while you have a couple years under your belt can look into the more advanced certs (eg. CISSP, the CEH, etc).

However while you're doing that, can't you do something already? Sure you can! Start your own DIY (Do-It-Yourself) projects. Set up a real network at home, with servers, and secure them. Play around with them. Take what you learn both academically and at-work to improve it. Experiment. Try things out. Before you can even consider "breaking things", you need to be able to make them and know how they work and behave. And remember, setting up a server can be as easy as scavenging that old beige tower of yours and installing an OS (if you want to consider "real security", install Linux as it is infinitely more open and configurable, not to mention secure). Learn Linux. It's a huge (if not "alien") world compared to Windows, and if you want to get into IT security you're going to need to know Linux/UNIX.

And above all, be patient.

Addendum: I should note if you have been primarily a Windows user, using Linux for the first time can - correction, will - be overwhelming. Do yourself a favour and pick up a book or two. And by all means, feel free to peruse our Alternate Computing boards. Lots of people have asked many questions in regards to starting off, so check out our Linux Support board.